I looked into the command line options for partition encryption on Linux today. It is possible to have more than one key to encrypt/decrypt a partition. I tried first to add a further encryption key (passphrase) to the partition. But first I had a look into the keys that already in the wallet of the partition with:
cryptsetup luksDump <device>
e.g.: cryptsetup luksDump /dev/sda3
I got a list of key slots. Only the key slot 0 has a value. It contains the encryption key (passphrase), which was set during the installation.
I could add a new encryption key with the command:
cryptsetup luksAddKey <device>
e.g.: cryptsetup luksAddKey /dev/sda3
I had to add the passphrase of the already existing encryption key and could afterwards insert a passphrase for the new encryption file (twice, because of verification). The passphrase will not be visible during typing.
I rerun the cryptsetup luksDump command and got the information that there were occupied two key slots yet, the slots 0 and 1.
Because there are two encryption keys available for this partition yet, it is possible to remove one of them. I use the remove command for this:
cryptsetup luksRemoveKey <device>
e.g. cryptsetup luksRemoveKey /dev/sda3
I was asked for the passphrase of the encryption key that I wanted to remove. I typed in the passphrase for the key on slot 0 and the key from this slot were removed. I checked this with the cryptsetup luksDump command. The key slot 0 was empty yet.
I added a further encryption key with the cryptsetup luksAddKey command. I had first to submit the passphrase of one of the available keys for the partition, in this case the passphrase for the key in slot 1. Then I could add a new key by typing in its passphrase twice (to verify it). I checked again with the cryptsetup luksDump command. The new encryption key was writen to first available free key slot, in this case key slot 0.